October 10, 2023 at 05:21PM
Apple has addressed two security issues in their products. The first issue, identified as CVE-2023-42824, could allow a local attacker to elevate their privileges. It may have been actively exploited on iOS versions prior to iOS 16.6. The second issue, identified as CVE-2023-5217, involves a buffer overflow that could lead to arbitrary code execution. Updates are available for various iPhone and iPad models.
Meeting Notes Summary:
1. Apple has addressed a security issue (CVE-2023-42824) in the Kernel with improved checks. The issue allowed a local attacker to potentially elevate their privileges. Apple is aware of reports suggesting this issue may have been actively exploited on iOS versions prior to iOS 16.6. An update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
2. Another security issue (CVE-2023-5217) was addressed by updating to libvpx 1.13.1. This issue potentially caused a buffer overflow leading to arbitrary code execution. The update for this is also available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
If you have any further questions or need additional information, please let me know.